# IPSec Remote Access VPN Clients on Windows
## **Overview**
This configuration guide describes configuring IPsec IKEv2 Remote Access VPN by Windows Client on Windows OS to establish VPN connections. After that, the customer can access virtual machines and applications located on the HGIO Cloud with more security and reliability.
## **Procedure**
**Setup IPSec IKEv2 Remote Access VPN**\
**Setup VPN Windows Client**
{% stepper %}
{% step %}
**Step 1:** Configuration VPN Profile for Windows client.
Open **PowerShell** with **Administrator** permission.
Copy and paste the information below into PowerShell (replace red word xxxx by your domain name).
> Add-VpnConnection -Name "HI-GIO-IKEv2-VPN" -ServerAddress " remote-xxxxx.xxxx01.vpn.higio.net " -TunnelType "Ikev2"
>
> Set-VpnConnectionIPsecConfiguration -ConnectionName "HI-GIO-IKEv2-VPN" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants GCMAES128 -EncryptionMethod GCMAES128 -IntegrityCheckMethod SHA256 -PfsGroup "PFS2048" -DHGroup "Group14" -PassThru -Force
{% endstep %}
{% step %}
**Step 2:** Enable VPN split tunneling in the Windows client.
Virtual private network (VPN) split tunneling lets you route some of your application or device traffic through an encrypted VPN. In contrast, other applications or devices have direct access to the internet.
Copy and paste the information below into PowerShell.
> Set-VPNconnection -name "HI-GIO-IKEv2-VPN" -SplitTunneling $true
{% endstep %}
{% step %}
**Step 3:** Add a route to a VPN connection.
* Add a VPN connection route for the subnet (example: 10.16.1.0/24). If we need to add an additional subnet, perform the same way and replace it with the new subnet.
* Copy and paste the information below into PowerShell.
> Add-VpnConnectionRoute -ConnectionName "HI-GIO-IKEv2-VPN" -DestinationPrefix "10.16.1.0/24" -PassThru
* Step Connect VPN from Windows Client.
* Login to the account with the provided username and password, then click OK.
* The VPN connection was established successfully.
* Using the ping command line, confirm that you are connected to the application located on the HGIO Cloud.
